that was yesterday. now, ten hours later, a malicious sshd process is back. I'd like to understand how it is being started. I already searched all cronjobs and initscripts but didn't find anything suspicious.

mejo: Steps after a system was compromised: 1) Take the server down, hard (pull the plug) 2) boot off a trusted medium to do a post-mortem analysis 3) do a clean reinstallation and recover data from backups.

dell vostro 260 (desktop, AMD CPU): i see reproducible hangs of USB mouse (Logitech trackball) and USB keyboard, that take about 5 seconds to recover, with jessie. squeeze and wheezy were amazingly stable…

there's nothing in the logs, and the keyboard hangs even in the text consoles, not just Gnome; the trackball starts working again if I click its buttons, or after moving the ball for about 5 seconds. perhaps some USB autosuspend? in any case, jessie is unusable, you can't even log in reliably

petn-randall: while that's true in general, I don't have the feeling that the malware does much to hide itself except for being named 'sshd'. the processes are listed in ps and top, they don't do any magic to tamper with the output according to information from /proc filesystem

petn-randall: I don't know, I guess. But my (limited) experience with compromised systems tells me that it's unlikely in that case. Still you're correct, and I'll reboot with a known-to-be-good live system as a next step.

petn-randall: and I compared output of ps/top with the details from /proc/<PID> and didn't find any differences. Before rebooting to a live system, first I'd like to get a better picture of the running compromised system. Thus I tried to find out how the sshd process is invoked on the compromised system.

so maybe I need to rephrase my question: given that I rebooted to the known-to-be-good live system - and I checked all cronjobs and initscripts - what other options are there to invoke the malware? logging into the system and starting it remotely would be another option. Can you think of any other?

Hi, I tried to install kibana4 by following a guide, everything works fine except for the init script. Whenever I try to start it I get: Starting kibana4 (via systemctl): kibana4.service Failed to start kibana4.service: Unit kibana4.service failed to load: No such file or directory.

My laptop is now running jessie, I have switched from fglrx to radeon, but no longer have control of the brightness - the graphic for the setting comes up but the actual brightness remains unchanged. It's a Lenovo ThinkPad X131e

If you have a question, just ask! For example: "I have a problem with ___; I'm running Debian version ___. When I try to do ___ I get the following output ___. I expected it to do ___." Don't ask if you can ask, if anyone uses it, or pick one person to ask. We're all volunteers; make it easy for us to help you. If you don't get an answer try a few hours later or on debian-user@lists.debian.org. See <smart questions><errors>.

Hi all. My /etc/network/interfaces doesn't seem to honor the "dns-nameservers" option anymore under jessie. I'm assuming it's related to systemd changes. Any good resources to learn more about how networking configuration has changed?

I'm trying to upgrade to Debian 8. Everything went insanely well except one package. It seems that uwsgi-plugin-cgi is now missing from the repos. I'm not sure if it's just compiled into the uwsgi package now and upgrading uwsgi will be fine or if missing that package is going to break things.

Thanks, that pointed me in the right direction. I didn't have resolvconf or network-manager installed; installing resolvconf didn't mess with any dependencies, and got the dns-nameserver option working just like it used to.

debijith: one test I would suggest is create a new user on your system. Then log into gnome with that user. It could be you have some custom configs that are not compatible with the newer versions in jessie ($HOME is not changed during an upgrade).

Point releases are updates to <stable> and <oldstable>, fixing security and grave bug fixes. There are no point releases for Debian 8 "Jessie" yet. You can upgrade to the latest point release by referencing a Debian <mirror> in /etc/apt/sources.list, then "aptitude update && aptitude full-upgrade". See <7.8>. https://wiki.debian.org/DebianReleases/PointReleases

imperia: also if you are upgrading from wheezy to jessie, you first have to upgrade to the latest point release (else you could have issues because it is designed to be upgraded from the latest point release)

somiaj: i have VPS with wheezy (upgraded from squeeze) it doesn't have systemd.. i want to go 8.0 but i have to test the upgrade process to 8.0. ... i tried 7.8 netinst.. but it's different .. it has systemd

imperia: the mirrors have all up to date packages, so upgrading your wheezy install to the newest package versions (bug and security fixes) is 7.8. There is very little difference between 7.0 and 7.8 (only security fixes, bug fixes and sometimes new drivers are backported to the kernel).

Now that I'm on jessie, how can I list all packages that aren't part of the stable release? I know some systems will have packages that aren't part of the stable release, I just want to do an audit across my servers to know what those are.

Blacker47 [~Blacker47@00014f22.user.oftc.net] has quit [Quit: Unfortunately, the internet is not available in Germany because it may contain music for which GEMA has not granted the respective music rights.]

hi I have an oddity with my graphics card (Nvidia using nouveau driver). During login, loading MATE, the screen goes a lovely green colour with speckles. After a reboot I get a collage of some bits of the windows from my last login.

G'day from New Zealand everyone! Am running wheezy AtTheMoment but want to upgrade to jessie, BUT it is a pretty daunting process - it seems to me! + I just read that Jessie does not have "fallback" for Gnome anymore...I am on welfare & I do not think that I can afford a 3D graphics card + my old Dell Dimension 3000 has only a PCI motherboard...? What do you suggest I do?

quick question for the channel.. I just installed Debian 8, along with KDE, XFCE, MATE, as I often switch between them.. After reboot, XFCE came up, which is not the DE I want right now, but it seems the XFCE greeter is missing any way to switch between DE's.... Help!!

Hi, I'm new here but I just upgraded to Debian Jessie on my IBM ThinkPad T60p, and it's having graphics problems. When I try to do something like start a game, the colors get completely messed up. Haven't been able to find out what's wrong. Any help is appreciated, thanks.

for anyone who didn't see yet: I just upgraded my IBM ThinkPad T60 from Wheezy to Jessie, and it's having graphics problems. When I try to do stuff like start a game, switch screen resolution, etc., the colors get all messed up. I read through the Debian Wiki page about ATI stuff but I already have the drivers installed that it mentions. I tried using a Debian Jessie live CD, and apparently graphics work just fine with th

Hi everyone, just wanted to let y'all know that my graphics issues with Debian Jessie have been fixed. Turns out I still had remnants of fglrx on here. No idea why, but it's been removed now and everything seems to be in order. Thanks for the help everyone.

shadows: No surprises over here. This whole laptop is a strange beast. As far as a USB dongle goes, I'm not against that, but since I know I can get alsaloop to work, I'm gonna beat on this thing till the applications recognize it.

shadows: Very interesting little bug there. I knew from the last time I had to play with the line in, that this chipset is special. Not so much on the bug front, but in the complete lack of useful features or items. Makes me want to rig up the CMedia sound card from my Pentium 3 onto the board, laptop shape be damned!

I really don't have any complaints. I always follow the testing tree, because Debian is a little slow on that front, and the number of bugs between when this was a Wheezy and now is actually pretty small. The blue VDPAU flash bug was the biggest one, and that's exclusively Adobe's fault.

AH! That makes a ton of sense. I generally have a lot of shells open, and don't really launch stuff outside of them, so I find I can count the time between launching the file manager in months at best.